<?php
/* $Id$ */
/*
    squid_nac.php
	Copyright (C) 2009 Wang Zhongliang <wzlsh629@163.com>.
	All rights reserved.

    Copyright (C) 2004, 2005 Scott Ullrich
    All rights reserved.

    Originally part of m0n0wall (http://m0n0.ch/wall)
    Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    oR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

##|+PRIV
##|*IDENT=page-system-login/logout
##|*NAME=System: Login / Logout page
##|*DESCR=Allow access to the 'System: Login / Logout' page.
##|*MATCH=index.php*
##|-PRIV


## Load Essential Includes
require_once('guiconfig.inc');
require_once('squid.inc');

if(!is_array($config['installedpackages']['squidnac']['config'][0]))
    $config['installedpackages']['squidnac']['config'][0] = array();
$a_squid = &$config['installedpackages']['squidnac']['config'][0];

if($_POST)
{
	$pconfig = $_POST;
	squid_validate_nac($_POST, &$input_errors);
	
	$a_squid['allowed_subnets'] = base64_encode(trim($pconfig['allowed_subnets']));
	$a_squid['unrestricted_hosts'] = base64_encode(trim($pconfig['unrestricted_hosts']));
	$a_squid['banned_hosts'] = base64_encode(trim($pconfig['banned_hosts']));
	$a_squid['whitelist'] = base64_encode(trim($pconfig['whitelist']));
	$a_squid['blacklist'] = base64_encode(trim($pconfig['blacklist']));
	$a_squid['ext_cachemanager'] = base64_encode(trim($pconfig['ext_cachemanager']));
	$a_squid['white'] = implode(' ', $pconfig['white']);
    $a_squid['black'] = implode(' ', $pconfig['black']);

	write_config();
	
	squid_resync();
}

if(isset($_GET['list']))
{
	echo file_get_contents('/usr/local/stairway/data/squid/' .  str_replace('/', '', $_GET['list']));
	exit;
}

$pconfig = $a_squid;
$pconfig['white'] = explode(' ', $pconfig['white']);
$pconfig['black'] = explode(' ', $pconfig['black']);
$list = squid_wb_list();
    
$pgtitle = array("WEB代理", "访问控制");
include("head.inc");
?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onLoad="enablechange();">
<script language="JavaScript">
<!--
function enablechange() {
}
//-->
</script>
<?php
include("fbegin.inc");
?>

<form name="iform" action="squid_nac.php" method="post">

<input type="hidden" name="xml" value="squid_nac.xml">
<div class="soft_cont_right_table">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
   <tr><td class="tabnavtbl">
<?php
    $tab_array = array();
    $tab_array[0] = array("一般设置", false, "/pkg_edit.php?xml=squid.xml&id=0");
    $tab_array[1] = array("代理设置", false, "/pkg_edit.php?xml=squid_upstream.xml&id=0");
    $tab_array[2] = array("缓存管理", false, "/pkg_edit.php?xml=squid_cache.xml&id=0");
    $tab_array[3] = array("访问控制", true, "/squid_nac.php");
    $tab_array[4] = array("流量管理", false, "/pkg_edit.php?xml=squid_traffic.xml&id=0");
    $tab_array[5] = array("上网记录", false, "/squid_history.php");
//    display_top_tabs($tab_array);
?>  
  </td>
  </tr>
</table>
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
  
      <tr valign="top">

      <td width="22%" class="vncell">允许的子网</td><td class="vtable"><textarea  rows='5'  cols='50'  name='allowed_subnets' ><?=base64_decode($pconfig['allowed_subnets']); ?></textarea>
<br>输入允许使用代理的子网，CIDR格式输入(例如：192.168.1.0/24)，换行分割。注意：默认设置为代理绑定接口的子网被允许，其他拒绝。

      </td></tr>
      <tr valign="top">
      <td width="22%" class="vncell">无限制IP</td><td class="vtable"><textarea  rows='5'  cols='50'  name='unrestricted_hosts' ><?=base64_decode($pconfig['unrestricted_hosts']); ?></textarea>
<br>输入不受其他访问控制影响的IP地址，换行分隔。

      </td></tr>
      <tr valign="top">
      <td width="22%" class="vncell">禁止的IP</td><td class="vtable"><textarea  rows='5'  cols='50'  name='banned_hosts' ><?=base64_decode($pconfig['banned_hosts']); ?></textarea>

<br>无法使用代理的IP地址列表，换行分隔。

      </td></tr>
      <tr valign="top">
      <td width="22%" class="vncell">白名单</td><td class="vtable">
      <?php foreach($list['white'] as $file => $descr): ?>
      <input type="checkbox" name="white[]" value="<?=$file;?>" <?php if(in_array($file, $pconfig['white'])) echo 'checked';?>><a target="_blank" href="squid_nac.php?list=<?=$file;?>"><?=$descr;?></a> &nbsp;&nbsp;&nbsp;&nbsp;
      <?php endforeach; ?>
      <br>
      <textarea  rows='5'  cols='50'  name='whitelist' ><?=base64_decode($pconfig['whitelist']); ?></textarea>
<br>访问这些域名或IP地址是被允许的，换行分隔，可以使用正则表达式。

      </td></tr>
      <tr valign="top">
      <td width="22%" class="vncell">黑名单</td><td class="vtable">
      <?php foreach($list['black'] as $file => $descr): ?>
      <input type="checkbox" name="black[]" value="<?=$file;?>" <?php if(in_array($file, $pconfig['black'])) echo 'checked';?>><a target="_blank" href="squid_nac.php?list=<?=$file;?>"><?=$descr;?></a> &nbsp;&nbsp;&nbsp;&nbsp;
      <?php endforeach; ?>
      <br>      
      <textarea  rows='5'  cols='50'  name='blacklist' ><?=base64_decode($pconfig['blacklist']); ?></textarea>
<br>访问这些域名或IP地址是被禁止的，换行分隔，可以使用正则表达式。

      </td></tr>
<!--
      <tr valign="top">
      <td width="22%" class="vncell">External Cache-Managers</td><td class="vtable"><input  size='60'  id='ext_cachemanager' name='ext_cachemanager' class='formfld unknown' value=''><?=htmlspecialchars($pconfig['ext_cachemanager']); ?>
<br>Enter the IPs for the external Cache Managers to be allowed here, separated by semi-colons (;).

      </td></tr>  <tr>
    <td>&nbsp;</td>
  </tr>-->
  <tr>
    <td width="22%" valign="top">&nbsp;</td>
    <td width="78%">

<input name="id" type="hidden" value="0">      <input name="Submit" type="submit" class="formbtn" value="保存">
    </td>
  </tr>
</table>
</div>
</div>
</form>

<?php include("fend.inc"); ?>

</body>
</html>